Listing Users in AD

billyboy
Champ in-the-making
Hi all,

I have set up my install and authentication to AD is working well; I followed this link for reference: http://andoylang.wordpress.com/2010/07/18/alfresco-with-active-directory/ The issue I now seem to have is inviting people to join the site. Whenever I try to list anybody it just says no users found. I presume this is because it is still looking at the local user database and not AD to get the users?

I should point out I'm using alfresco for Windows

Question is, can it be configured to check in AD for people for me to add ?

Thanks

Will
14 REPLIES 14

billerby
Champ on-the-rise
As I remember it, the authentication process is different from the synchronisation process. This means that when authenticating, the subsystem will authenticate your users against the AD directly. However, to be able to invite users residing in your AD, the Alfresco synchronisation process will have to work (and have run) first. That is, all user information will be imported into Alfresco. For this to work, you will need a user that is authorised in the AD to query for all users, and your person and group queries will need to be validated to work.

Regards
/Erik

jonash
Champ in-the-making
Hi,

This is very likely a sign that user and group synchronization is not configured correctly. Authentication and synchronization are two different subsystems in Alfresco. Authentication is used to log in. Synchronization is used to create the Active Directory users and groups in Alfresco so they can be displayed when selecting a user or group.

Verify if all parameters starting with ldap.synchronization are correct in your alfresco-global.properties, specifically the following:


ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url
ldap.synchronization.java.naming.security.principal
ldap.synchronization.java.naming.security.credentials
ldap.synchronization.groupSearchBase
ldap.synchronization.userSearchBase

You can check the log files to see if users and groups are being synchronized.

billyboy
Champ in-the-making
Many thanks for the replies. Here's the properties file from the Windows box; as I'm fairly new I must be missing something. When I search for users it still only lists local users, not AD ones. Could it be that despite the instruction saying the security.principal should form the netbiosdomain that it should in fact be the FQDN?

Thanks



###############################
## Common Alfresco Properties #
###############################

dir.root=D:/Alfresco/alf_data

alfresco.context=alfresco
alfresco.host=alf
alfresco.port=8080
alfresco.protocol=http

share.context=share
share.host=alf
share.port=8080
share.protocol=http

### database connection properties ###
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=mypassword
db.name=alfresco
db.url=jdbc:postgresql://localhost:5432/${db.name}

### FTP Server Configuration ###
ftp.enabled=true
ftp.port=21
ftp.ipv6.enabled=false

### RMI service ports ###
alfresco.rmi.services.port=50500
avm.rmi.service.port=0
avmsync.rmi.service.port=0
attribute.rmi.service.port=0
authentication.rmi.service.port=0
repo.rmi.service.port=0
action.rmi.service.port=0
deployment.rmi.service.port=0

### External executable locations ###
ooo.exe=/App/openoffice/program/soffice.exe
ooo.enabled=true
ooo.port=8100
ooo.port=8100
img.root=D:/Alfresco/imagemagick
img.dyn=${img.root}/lib
img.exe=${img.root}/convert
swf.exe=D:/Alfresco/swftools/pdf2swf.exe
jodconverter.enabled=false
jodconverter.officeHome=/App/openoffice
jodconverter.portNumbers=8100

### Initial admin password ###
alfresco_user_store.adminpassword=

### E-mail site invitation setting ###
notification.email.siteinvite=false

### File Protocol Root ###
protocols.rootPath=/${spaces.company_home.childname}/${spaces.sites.childname}

### License location ###
dir.license.external=D:/Alfresco

### Solr indexing ###
index.subsystem.name=solr
dir.keystore=${dir.root}/keystore
solr.port.ssl=8443

### BPM Engine ###
system.workflow.engine.jbpm.enabled=false

### AD Auth ##
authentication.chain=passthru1:passthru,ldap1:ldap
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=false
passthru.authentication.authenticateCIFS=flase
passthru.authentication.authenticateFTP=flase
passthru.authentication.servers=ipaddressofserver
passthru.authentication.domain=netbiosdomainname
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=adminusername
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
ldap.authentication.active=false
ldap.authenticatiion.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin-false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://IPofserver:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=netbiosdomain\username
ldap.synchronization.java.naming.security.credentials=userpasswrd
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user))userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronisation.groupQuery=(objectclass\=group)
ldap.synchronization.groupSearchBase=cn\=users,dc=domain,dc=com
ldap.synchronization.userSearchBase=cn\=users,dc=domain,dc=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.OZ'
ldap.synchronization.userIdAttributeName=sAMAcountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true
cifs.enabled=false
mail.host=mailserver
mail.port=25
mail.from.default=bod@bod.com
mail.smtp.auth=false
mail.protocol=smtp
mail.testmessage.send=true
mail.testmessage.to=flo@bod.com
mail.testmessage.subject=Alf Test
mail.testmessage.text=Test email using Alfresco

billyboy
Champ in-the-making
Another thing I forgot to mention, the server is Windows 2008 RC2

billerby
Champ on-the-rise
Try querying the AD with this free tool to start with:

http://www.ldapbrowser.com/

This will make sure you have a valid principal and that your queries are working.

/Erik

billyboy
Champ in-the-making
Hi Eric, thanks for the tool 🙂 I've now got access via that using usingname@mycomain.com and the password of the user. That connects through and works, I can list users and query the system. I've changed the properties file (below), yet when I log in and go to invite users it still only lists those in the local user database. If I go to the users section, the add users option is greyed out, which I would expect based on the config, and if I search there I also only get local users :cry:

### AD Auth ##
authentication.chain=passthru1:passthru,ldap1:ldap
passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=false
passthru.authentication.authenticateCIFS=flase
passthru.authentication.authenticateFTP=flase
passthru.authentication.servers=ipofldapserver
passthru.authentication.domain=netbiosdomain
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=myusername
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
ldap.authentication.active=false
ldap.authenticatiion.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin-false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://ipofldapserver:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=myusername@mydomain.com
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user))userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronisation.groupQuery=(objectclass\=group)
ldap.synchronization.groupSearchBase=dc=mydomain,dc=com
ldap.synchronization.userSearchBase=dc=mydomain,dc=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.OZ'
ldap.synchronization.userIdAttributeName=sAMAcountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

Any ideas?  This is the last bit that's stopping me from putting the server live so any pointers at all would be hugely appreciated.

Thanks

billerby
Champ on-the-rise
Well, start with activating debug logging for the synchronization job in log4j.properties:

log4j.logger.org.alfresco.repo.security.sync=debug

By default it should synchronize on startup.

This page should help:

http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem

/Erik

billyboy
Champ in-the-making
Here's the latest extract from the log…


2012-03-17 14:37:01,789  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Starting 'email' subsystem, ID: [email, inbound]
2012-03-17 14:37:01,835  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Startup of 'email' subsystem, ID: [email, inbound] complete
2012-03-17 14:37:01,835  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Starting 'googledocs' subsystem, ID: [googledocs, default]
2012-03-17 14:37:01,867  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Startup of 'googledocs' subsystem, ID: [googledocs, default] complete
2012-03-17 14:37:01,867  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Starting 'Subscriptions' subsystem, ID: [Subscriptions, default]
2012-03-17 14:37:01,882  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Startup of 'Subscriptions' subsystem, ID: [Subscriptions, default] complete
2012-03-17 14:37:01,882  INFO  [repo.usage.UserUsageTrackingComponent] [Thread-1] Disabled - clear non-missing user usages …
2012-03-17 14:37:01,929  INFO  [management.subsystems.ChildApplicationContextFactory] [DefaultScheduler_Worker-3] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
2012-03-17 14:37:01,945  INFO  [repo.usage.UserUsageTrackingComponent] [Thread-1] Found 0 users to clear
2012-03-17 14:37:01,945  INFO  [repo.usage.UserUsageTrackingComponent] [Thread-1] … cleared non-missing usages for 0 users
2012-03-17 14:37:01,945  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
2012-03-17 14:37:02,023  INFO  [management.subsystems.ChildApplicationContextFactory] [DefaultScheduler_Worker-3] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete
2012-03-17 14:37:02,023  INFO  [security.sync.ChainingUserRegistrySynchronizer] [Thread-1] Synchronizing users and groups with user registry 'ldap1'
2012-03-17 14:37:02,023  INFO  [security.sync.ChainingUserRegistrySynchronizer] [Thread-1] Retrieving all groups from user registry 'ldap1'
2012-03-17 14:37:02,054  DEBUG [sync.ldap.LDAPUserRegistry] [Thread-1] Found 0
2012-03-17 14:37:02,054  INFO  [security.sync.ChainingUserRegistrySynchronizer] [Thread-1] ldap1 Group Analysis: Commencing batch of 0 entries
2012-03-17 14:37:02,054  INFO  [security.sync.ChainingUserRegistrySynchronizer] [Thread-1] ldap1 Group Analysis: Completed batch of 0 entries
2012-03-17 14:37:02,054  INFO  [security.sync.ChainingUserRegistrySynchronizer] [Thread-1] Retrieving all users from user registry 'ldap1'
2012-03-17 14:37:02,069  ERROR [security.sync.ChainingUserRegistrySynchronizer] [Thread-1] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 02170004 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.access$2500(LDAPUserRegistry.java:77)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection.<init>(LDAPUserRegistry.java:1297)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersons(LDAPUserRegistry.java:544)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1356)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:435)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1650)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:519)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1644)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ChildApplicationContext.publishEvent(ChildApplicationContextFactory.java:485)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:685)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:667)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:473)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:209)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:180)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:303)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4135)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4630)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.CommunicationException: Request: 3 cancelled; remaining name 'dc=domain,dc=com'
   at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60)
   at com.sun.jndi.ldap.Connection.readReply(Connection.java:414)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1129)
   … 49 more
2012-03-17 14:37:02,147  WARN  [security.sync.ChainingUserRegistrySynchronizer] [Thread-1] Failed initial synchronize with user registries
org.alfresco.error.AlfrescoRuntimeException: 02170004 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1141)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.access$2500(LDAPUserRegistry.java:77)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$PersonCollection.<init>(LDAPUserRegistry.java:1297)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getPersons(LDAPUserRegistry.java:544)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:1356)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:435)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1650)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:519)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1644)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ChildApplicationContext.publishEvent(ChildApplicationContextFactory.java:485)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:685)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:667)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:473)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:209)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:180)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:303)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4135)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4630)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
   at org.apache.catalina.core.StandardService.start(StandardService.java:519)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.CommunicationException: Request: 3 cancelled; remaining name 'dc=domain,dc=com'
   at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60)
   at com.sun.jndi.ldap.Connection.readReply(Connection.java:414)
   at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
   at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
   at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1129)
   … 49 more
2012-03-17 14:37:02,147  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
2012-03-17 14:37:02,241  INFO  [service.descriptor.DescriptorService] [Thread-1] Alfresco JVM - v1.6.0_22-b04; maximum heap size 910.250MB
2012-03-17 14:37:02,241  INFO  [service.descriptor.DescriptorService] [Thread-1] Alfresco started (Community). Current version: 4.0.0 (4003) schema 5,025. Originally installed version: 4.0.0 (4003) schema 5,025.
2012-03-17 14:37:02,241  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Starting 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default]
2012-03-17 14:37:02,319  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Startup of 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default] complete
2012-03-17 14:37:02,319  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Starting 'Replication' subsystem, ID: [Replication, default]
2012-03-17 14:37:02,335  INFO  [management.subsystems.ChildApplicationContextFactory] [Thread-1] Startup of 'Replication' subsystem, ID: [Replication, default] complete

Can't see anything that would immediately jump out at me but I'm rubbish 🙂

billerby
Champ on-the-rise
I think you have errors in your person queries:


ldap.synchronization.personQuery=(&(objectclass=user))userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(objectclass=user)(!(modifyTimestamp<\={0})))

The first line has two more left brackets than right ones.
The second one has one more left bracket. Since the group query succeeds (with 0 groups imported) the communication seems to work. The ldaprequest is probably cancelled because of an error in the query.

/Erik
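
The bracket mismatch discussed in the last reply can be caught before Alfresco is restarted. The following is an added example, not part of the original thread or of Alfresco's code: a structural check of the `*Query` property values, run over the queries as posted. The balanced forms in `FIXED` are an assumption about what was intended, and the function names are hypothetical.

```python
import re

# Constructed input: the *Query lines exactly as posted in the thread.
POSTED = r"""
ldap.synchronization.groupDifferentialQuery=(&objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user))userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronisation.groupQuery=(objectclass\=group)
"""

# Assumption: balanced forms of the two person queries (not taken from the thread).
FIXED = r"""
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(!(modifyTimestamp<\={0})))
"""


class FilterError(ValueError):
    pass


def unescape_property(value):
    # Java .properties drops the backslash in escapes such as '\=' and '\:'.
    # Simplification: \n, \t and \uXXXX escapes are not interpreted here.
    return re.sub(r"\\(.)", r"\1", value)


def _parse(f, i):
    # Parse one parenthesised filter starting at offset i; return the offset after it.
    if i >= len(f) or f[i] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if i < len(f) and f[i] in "&|":
        op = f[i]
        i += 1
        if i >= len(f) or f[i] != "(":
            raise FilterError(f"expected '(' after '{op}' at offset {i}")
        while i < len(f) and f[i] == "(":
            i = _parse(f, i)
    elif i < len(f) and f[i] == "!":
        i = _parse(f, i + 1)
    else:
        start = i
        while i < len(f) and f[i] not in "()":
            i += 1
        if "=" not in f[start:i]:
            raise FilterError(f"item without '=' at offset {start}")
    if i >= len(f) or f[i] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return i + 1


def check_filter(raw):
    # Return None if the value is one well-formed filter, else a description of the problem.
    f = unescape_property(raw.strip())
    try:
        end = _parse(f, 0)
    except FilterError as exc:
        return str(exc)
    if end != len(f):
        return f"trailing text at offset {end}: {f[end:]!r}"
    return None


def check_properties(text):
    # Check every property whose key ends in 'Query'. Only 'key=value' lines are handled.
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().endswith("Query"):
            results[key.strip()] = check_filter(value)
    return results


if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        for key, problem in check_properties(text).items():
            print(f"[{label}] {key}: {problem or 'ok'}")
```
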